One of Rockwell Automation's primary remote monitoring and assistance tools is its two-year-old Virtual Support Engineer (VSE), which can be scaled to fit the size and risk threshold of each user's application, use store-and-forward functions to preserve data, display operating trends following alerts and alarms and maintain access via cellular links if an IP connection isn't available.
Simpler Security? Sweet!
Of course, the dark undercurrent and persistent question that goes with all this remote access is how to maintain its security. One instructive solution comes from Big Drum Engineering in Edertal-Giflitz, Germany, which designs, builds, installs and supports filling machines for the ice cream and other food industries worldwide. Its machines fill liquid products in containers from 50 ml to 5 l with an output of up to 50,000 units/hr (Figure 2). The machine builder reports its end users are increasingly demanding continuous system availability because any downtime can quickly lead to production and financial losses. Consequently, Big Drum views "demand-oriented maintenance" and fast troubleshooting via safe, secure remote services as critical for keeping its users up and running.
"With the exception of the Sahara Desert, our systems are used in almost every region of the world," says Andreas Itter, Big Drum's sales and marketing manager. "To ensure 100% availability, we've developed an effective and secure remote service infrastructure. Large customers such as Nestlé and Unilever expect us to deliver services in accordance with total productive maintenance (TPM), and similar demands from other companies have also increased strongly in this area."
Big Drum has provided remote machine support for about 10 years, constantly monitors its machines and transmits key parameters to its headquarters, which allows its technicians to maintain ongoing data control. Its service department is staffed 24/7 and can immediately react to any machine disturbances. This always-on availability typically means users need and expect a permanent, online connection to Big Drum as a prerequisite for better service, preventive maintenance and higher security. All its filling machines with PLCs from Rockwell Automation are routinely equipped with remote service modules. The builder reports it presently operates more than 100 of these remote systems with different end users.
To achieve secure, online connectivity, Big Drum also employs mGuard security routers from Innominate Security Technologies, a division of Phoenix Contact. These switches protect IP data connections with a VPN-enabled Ethernet router and a configurable firewall with dynamic packet filtering. Technicians connect to users' plant operators via a VPN, and mGuard serves as VPN gateway, connecting the technicians to the plant network via the Internet. These secure, broadband IP and VPN connections for online monitoring are more reliable and stable than former modem connections, and they can handle increasing data volumes and other services. In practice, Internet connections to Big Drum only materialize when a VPN key is manually switched on.
To safeguard confidentiality and authenticity, mGuard uses cryptographic protocols and hardware-accelerated encryption with 3DES (168 bits) or AES (128, 192, 256 bits) and the IP Security Protocol (IPsec). An integrated firewall also helps seal off Big Drum's system from users’ production networks, and a configurable, stateful, packet-inspecting firewall protects against unauthorized access. Also, a dynamic packet filter scans for new connection attempts based on their addresses, ports of origin and destination, and it blocks any unwanted traffic.
These security measures are needed because Big Drum increasingly performs needs-based maintenance of devices that can wear out faster and require closer monitoring, such as servo motors and drives. Increased temperatures in these components can indicate problems due to wear. If predefined tolerance values are exceeded, an automatic email warning can be sent to the service team, which conducts indicated inspections and can prevent previously unavoidable interruptions. Likewise, its continuous, online connection also allows Big Drum's technicians to assess and verify new equipment performance during startups, introduce optimizations during the warranty period and monitor deviations in filling volume or compliance with predefined opening and closing times of the valves or machine-specific cycle times during the final service phase.
"Our remote services increase users' system availability, and we've reduced fault-clearance times by 70%," says Itter. "With access to remote data, not only can we troubleshoot faster, but we're less expensive for our customers due to the elimination of travel costs."
Logically, once remote support shows it can be used securely and gains wider acceptance, all kinds of new, nontraditional and unexpected applications want to try it, too.
For example, VRTX Technologies in San Antonio, Texas, uses a high-pressure flow technique called "dynamic cavitation technology" to clean cooling water in its users' HVAC, refrigeration and process cooling systems. However, as its skid-based systems multiplied worldwide, VRTX's staff realized they needed access to their PLCs on the skids, even though accessing them through most customers' IT infrastructures was often difficult. In fact, only 5% of VRTX’s users allow them to access data about their systems. After talking to several users, VRTX decided it needed a cellular monitoring system for its water treatment skids, which would enable it to monitor the equipment and give users access to their data without having to pass through IT systems.